<?php defined( '_MAXSITE' ) or die( 'Restricted access' );
/**
 * @package	Atomymaxsite - Maxsite
 * @license	LICENSE.txt
 * @license	GNU General Public License version 2 or later; see LICENSE.txt
 * @since	Version 2.5.0
 */


if(empty($_POST['op']))
{
    $db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
    $sql = "SELECT * FROM web_shoutbox ORDER BY id DESC";
    $res = $db->select_query($sql);
    $adminlog = FALSE;
    if($admin_user!='')
    {
        $adminlog = TRUE;
    }
    while ($row = $db->fetch($res))
    {
        $remove = $adminlog===TRUE ? '<a href="#" id="'.$row['id'].'" class="del_box" title="remove">[X]</a>' : '' ;
        echo '<li><b>'.$row['name'].'</b>: '.$row['message'].$remove.'</li>';
    }
    
}
else if($_POST['op']=='save')
{
    if(USE_CAPCHA){
        
        if($_POST['security_code']!==$_SESSION['captcha_code'])
        {
            header('Content-type: application/json');
            echo json_encode(array(
                'success' => FALSE,
                'message' => _JAVA_CAPTCHA_NOACC
                ));
            exit;
        }
    }
    
    /**
     * Validation FORM again 
     */
    //var_dump($_POST);
    $name = htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8');
    $message_box = htmlspecialchars($_POST['message_box'], ENT_QUOTES, 'UTF-8');
    
    $emo = array(':)', ':D', ':(', ':o', ':p', ';)', ':|', 'x(', ':~');
    $img_emo = array(
        '<img src="images/smilies/smile.gif" />',
        '<img src="images/smilies/laugh.gif" />',
        '<img src="images/smilies/sad.gif" />',
        '<img src="images/smilies/shock.gif" />',
        '<img src="images/smilies/tongue.gif" />',
        '<img src="images/smilies/wink.gif" />',
        '<img src="images/smilies/blah.gif" />',
        '<img src="images/smilies/mad.gif" />',
        '<img src="images/smilies/drool.gif" />'   
    );
    $message = str_replace($emo, $img_emo, $message_box);
    
    $added = $db->add_db("web_shoutbox",array(
        'name' => $name,
        'message' => $message,
        'ip' => $IPADDRESS
    ));
    
    $remove = $admin_user!='' ? '<a href="#" id="'.mysql_insert_id().'" class="del_box" title="remove">[X]</a>' : '' ;
    
    $message_callback = '<li><b>'.$name.'</b>: '.$message.$remove.'</li>';
    
    if($added===TRUE)
    {
        $status = TRUE;
        $message = $message_callback;
    }
    else
    {
        $status = FALSE;
        $message = NULL;
    }
    
    header('Content-type: application/json');
    echo json_encode(array(
        'success' => $status,
        'message' => $message,
        'name' => $name
        ));
    exit;
}
else if($_POST['op']=='del_box')
{
    if($admin_user!='')
    {
        $id = intval($_POST['id']);
        $status = $db->del("web_shoutbox","id = ".$id);
        
        header('Content-type: application/json');
        echo json_encode(array(
            'success' => $status
            ));
        exit;
    }
}